Gentoo Archives: gentoo-user

From: Ian Zimmerman <itz@××××××××××××.org>
To: gentoo-user@l.g.o
Subject: [gentoo-user] certbot confusion
Date: Sat, 26 Aug 2017 06:41:02
1 I don't understand the letsencrypt certbot renewal process, specifically
2 the hooks.
4 I have two certificates: one for webserver, one for mailserver. I got
5 them only very recently so I until now the renewal cronjob has always
6 been a no-op, but the real thing will happen very soon. When it does,
7 presumably I need to have both daemons restarted so that they read the
8 renewed certificates. So, how do I do this? Right now my cronjob is
9 just
11 certbot renew -n --standalone --preferred-challenges tls-sni
13 which should renew any and all certificates when they're "close" to
14 expiring. But the documentation doesn't say if I can have multiple
15 --pre-hook and --post-hook options and what the semantics would be. The
16 closest it comes is:
18 When renewing several certificates that have identical pre-hooks, only
19 the first will be executed.
21 which doesn't make any sense: what does it mean for a certificate to
22 "have" a pre-hook? The pre-hook is just there on the command line,
23 there is no association with a particular certificate that a machine
24 could infer.
26 The cop-out solution is to have a single pre-hook and a single
27 post-hook, which stop (resp. start) both daemons, but that is ugly. How
28 do people handle this?
30 --
31 Please don't Cc: me privately on mailing lists and Usenet,
32 if you also post the followup to the list or newsgroup.
33 Do obvious transformation on domain to reply privately _only_ on Usenet.


Subject Author
Re: [gentoo-user] certbot confusion Ralph Seichter <m16+gentoo@×××××××××××.net>
Re: [gentoo-user] certbot confusion "Canek Peláez Valdés" <caneko@×××××.com>